lsmyrnaios
/
UrlsController
1
0
Fork 1
Code Issues Pull Requests Releases 10 Wiki Activity

Add support for all private addresses, defined in "RFC 1918" standard. This fixes the issue of discarding some "shutdownService" requests due to coming from different local private addresses, when the Controller was run inside a docker container.

This commit is contained in:
Lampros Smyrnaios 2023-06-15 13:26:27 +03:00
parent c37f157f51
commit 88a74b2c41
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/main/java/eu/openaire/urls_controller/services/ShutdownServiceImpl.java
View File

@ -13,6 +13,7 @@ import org.springframework.web.client.RestTemplate;
import javax.servlet.http.HttpServletRequest;
import java.net.ConnectException;
import java.util.regex.Pattern;
@Service
@ -21,6 +22,9 @@ public class ShutdownServiceImpl implements ShutdownService {
private static final Logger logger = LoggerFactory.getLogger(ShutdownServiceImpl.class);
// Private Addresses, according to RFC 1918: https://www.rfc-editor.org/rfc/rfc1918
private static final Pattern PRIVATE_IP_ADDRESSES_RFC_1918 = Pattern.compile("(?:10.|172.(?:1[6-9]|2[0-9]|3[0-1])|192.168.)[0-9.]+");
public ResponseEntity<?> passSecurityChecks(HttpServletRequest request, String initMsg)
{
@ -31,8 +35,8 @@ public class ShutdownServiceImpl implements ShutdownService {
String remoteAddr = GenericUtils.getRequestorAddress(request);
// In case the Controller is running inside a docker container, and we want to send the "shutdownServiceRequest" from the terminal (with curl), without entering inside the container,
// then the request will appear coming from a local IP (192.168.X.Y), instead of localhost.
if ( ! (remoteAddr.equals("127.0.0.1") || remoteAddr.startsWith("192.168.") || remoteAddr.equals(UriBuilder.ip) ) ) {
// then the request will appear coming from a local (private) IP, instead of localhost.
if ( ! (remoteAddr.equals("127.0.0.1") || remoteAddr.equals(UriBuilder.ip) || PRIVATE_IP_ADDRESSES_RFC_1918.matcher(remoteAddr).matches()) ) {
logger.error(initMsg + "The request came from another IP: " + remoteAddr + " | while the Controller has the IP: " + UriBuilder.ip);
return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
}